songxpu
commented
1 year ago More specifically: Program
#include <stdio.h>
int main(int argc, char *argv[]) {
printf("Hello World!\n");
return 0;
}libsbr-trace.so: we write the handle_syscall_real to implement rewriting, and the function iwrite shows how we rewrite write.
I am familiar with debugging the code of the target binary program launched by SaBRe, but I'm uncertain about how to effectively observe the implementation code of the plugin's system call rewrite for the target, specifically referring to the iwrite function, during the execution of the binary program.
This code is just a demo, but I'm actually debugging the two plugins now, i.e., https://github.com/andronat/SaBRe/blob/snapfuzz/plugins/sbr-afl/main.c and https://[raw.githubusercontent.com/srg-imperial/SaBRe/master/plugins/sbr-trace/strace.c](https://raw.githubusercontent.com/srg-imperial/SaBRe/master/plugins/sbr-trace/strace.c)
long handle_syscall_real(long s...) {
...
if (sc_no == SYS_write) {
return iwrite(arg1, (const void *)arg2, arg3);
}
ssize_t iwrite(int fd, const void *buf, size_t count) {
// do something firstly **Q: how to debug this code**
long rc = real_syscall(SYS_write, fd, (long)buf, count, 0, 0, 0);
...
}
return real_syscall(SYS_write, fd, (long)buf, count, 0, 0, 0);
}
For example
/sabre ./plugins/sbr-trace/libsbr-trace.so -- test_sbrtrace_hello.What should we do to debug libsbr-trace.so intercept and replace system calls in gdb? For example, the program executes the write system call, and the plugin prints out some log messages before executing write.
Even though I used gdb to debug sabre, gdb was never able to intercept and view the code function in the dynamic link library libsbr-trace.so that rewrites the system call.
Understanding this process is very important for writing new plugins, can you answer and explain this process, thanks.